Example 16 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-security by spring-projects.

the class JwtBearerOAuth2AuthorizedClientProviderTests method setup.

@BeforeEach
public void setup() {
    this.authorizedClientProvider = new JwtBearerOAuth2AuthorizedClientProvider();
    this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
    this.authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
    // @formatter:off
    this.clientRegistration = ClientRegistration.withRegistrationId("jwt-bearer")
            .clientId("client-id")
            .clientSecret("client-secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
            .scope("read", "write")
            .tokenUri("https://example.com/oauth2/token")
            .build();
    // @formatter:on
    this.jwtAssertion = TestJwts.jwt().build();
    this.principal = new TestingAuthenticationToken(this.jwtAssertion, this.jwtAssertion);
}
Also used : OAuth2AccessTokenResponseClient(org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 17 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-security by spring-projects.

the class ServerOAuth2AuthorizedClientExchangeFilterFunctionTests method filterWhenJwtBearerClientNotAuthorizedThenExchangeToken.

@Test
public void filterWhenJwtBearerClientNotAuthorizedThenExchangeToken() {
    setupMocks();
    OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("exchanged-token")
            .tokenType(OAuth2AccessToken.TokenType.BEARER)
            .expiresIn(360)
            .build();
    given(this.jwtBearerTokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
    // @formatter:off
    // The registered client authenticates to the token endpoint with HTTP Basic
    // (client_id:client_secret) and exchanges the caller's JWT via the jwt-bearer grant.
    ClientRegistration registration = ClientRegistration.withRegistrationId("jwt-bearer")
            .clientId("client-id")
            .clientSecret("client-secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
            .scope("read", "write")
            .tokenUri("https://example.com/oauth/token")
            .build();
    // @formatter:on
    given(this.clientRegistrationRepository.findByRegistrationId(eq(registration.getRegistrationId())))
            .willReturn(Mono.just(registration));
    Jwt jwtAssertion = TestJwts.jwt().build();
    Authentication jwtAuthentication = new TestingAuthenticationToken(jwtAssertion, jwtAssertion);
    given(this.authorizedClientRepository.loadAuthorizedClient(eq(registration.getRegistrationId()), eq(jwtAuthentication), any()))
            .willReturn(Mono.empty());
    // @formatter:off
    ClientRequest request = ClientRequest.create(HttpMethod.GET, URI.create("https://example.com"))
            .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId(registration.getRegistrationId()))
            .build();
    // @formatter:on
    this.function.filter(request, this.exchange)
            .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(jwtAuthentication))
            .subscriberContext(serverWebExchange())
            .block();
    verify(this.jwtBearerTokenResponseClient).getTokenResponse(any());
    verify(this.authorizedClientRepository)
            .loadAuthorizedClient(eq(registration.getRegistrationId()), eq(jwtAuthentication), any());
    verify(this.authorizedClientRepository)
            .saveAuthorizedClient(any(), eq(jwtAuthentication), any());
    List<ClientRequest> requests = this.exchange.getRequests();
    assertThat(requests).hasSize(1);
    ClientRequest request1 = requests.get(0);
    assertThat(request1.headers().getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Bearer exchanged-token");
    assertThat(request1.url().toASCIIString()).isEqualTo("https://example.com");
    assertThat(request1.method()).isEqualTo(HttpMethod.GET);
    assertThat(getBody(request1)).isEmpty();
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) Jwt(org.springframework.security.oauth2.jwt.Jwt) Authentication(org.springframework.security.core.Authentication) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) ClientRequest(org.springframework.web.reactive.function.client.ClientRequest) Test(org.junit.jupiter.api.Test)

Example 18 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilterTests method doFilterWhenAuthorizationResponseClientRegistrationNotFoundThenClientRegistrationNotFoundError.

// gh-5251
@Test
public void doFilterWhenAuthorizationResponseClientRegistrationNotFoundThenClientRegistrationNotFoundError() throws Exception {
    String requestUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
    String state = "state";
    MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
    request.setServletPath(requestUri);
    request.addParameter(OAuth2ParameterNames.CODE, "code");
    request.addParameter(OAuth2ParameterNames.STATE, "state");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    // @formatter:off
    ClientRegistration registrationNotFound = ClientRegistration.withRegistrationId("registration-not-found")
            .clientId("client-1")
            .clientSecret("secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
            .scope("user")
            .authorizationUri("https://provider.com/oauth2/authorize")
            .tokenUri("https://provider.com/oauth2/token")
            .userInfoUri("https://provider.com/oauth2/user")
            .userNameAttributeName("id")
            .clientName("client-1")
            .build();
    // @formatter:on
    this.setUpAuthorizationRequest(request, response, registrationNotFound, state);
    this.filter.doFilter(request, response, filterChain);
    ArgumentCaptor<AuthenticationException> authenticationExceptionArgCaptor =
            ArgumentCaptor.forClass(AuthenticationException.class);
    verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class),
            authenticationExceptionArgCaptor.capture());
    assertThat(authenticationExceptionArgCaptor.getValue()).isInstanceOf(OAuth2AuthenticationException.class);
    OAuth2AuthenticationException authenticationException = (OAuth2AuthenticationException) authenticationExceptionArgCaptor.getValue();
    assertThat(authenticationException.getError().getErrorCode()).isEqualTo("client_registration_not_found");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) AuthenticationException(org.springframework.security.core.AuthenticationException) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 19 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-security by spring-projects.

the class JwtBearerReactiveOAuth2AuthorizedClientProviderTests method setup.

@BeforeEach
public void setup() {
    this.authorizedClientProvider = new JwtBearerReactiveOAuth2AuthorizedClientProvider();
    this.accessTokenResponseClient = mock(ReactiveOAuth2AccessTokenResponseClient.class);
    this.authorizedClientProvider.setAccessTokenResponseClient(this.accessTokenResponseClient);
    // @formatter:off
    this.clientRegistration = ClientRegistration.withRegistrationId("jwt-bearer")
            .clientId("client-id")
            .clientSecret("client-secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
            .scope("read", "write")
            .tokenUri("https://example.com/oauth2/token")
            .build();
    // @formatter:on
    this.jwtAssertion = TestJwts.jwt().build();
    this.principal = new TestingAuthenticationToken(this.jwtAssertion, this.jwtAssertion);
}
Also used : TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) ReactiveOAuth2AccessTokenResponseClient(org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient) BeforeEach(org.junit.jupiter.api.BeforeEach)
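Examples 16, 17 and 19 above all build the same "jwt-bearer" registration and then exercise JwtBearerOAuth2AuthorizedClientProvider through mocks. The block below is an added example, not code from the spring-security repository, showing how that provider is wired into a DefaultOAuth2AuthorizedClientManager in application code and how a resource server exchanges the caller's JWT for a downstream token. The registration id, client id/secret and token URI are placeholders; the assertion resolver is an assumption about how a deployment would restrict which principals may be exchanged.

```java
import java.util.function.Function;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

// Added example (not spring-security's own code): jwt-bearer exchange wiring.
public class JwtBearerClientConfig {

    // Placeholder registration; values mirror the test fixtures above.
    public static ClientRegistration jwtBearerRegistration() {
        return ClientRegistration.withRegistrationId("jwt-bearer")
                .clientId("client-id")
                .clientSecret("client-secret")
                // CLIENT_SECRET_BASIC: client_id:client_secret travel in the HTTP Basic
                // Authorization header of every token request, so the token URI must be HTTPS.
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
                .scope("read", "write")
                .tokenUri("https://example.com/oauth2/token")
                .build();
    }

    public static OAuth2AuthorizedClientManager authorizedClientManager(
            OAuth2AuthorizedClientRepository authorizedClientRepository) {
        ClientRegistrationRepository registrations =
                new InMemoryClientRegistrationRepository(jwtBearerRegistration());

        JwtBearerOAuth2AuthorizedClientProvider jwtBearerProvider =
                new JwtBearerOAuth2AuthorizedClientProvider();

        // Assumption for this example: only a JWT that was validated by the resource
        // server filter chain (JwtAuthenticationToken) may be forwarded as the assertion.
        // Returning null makes the provider decline, so no token request is sent.
        Function<OAuth2AuthorizationContext, Jwt> assertionResolver = context -> {
            Authentication principal = context.getPrincipal();
            if (principal instanceof JwtAuthenticationToken) {
                return ((JwtAuthenticationToken) principal).getToken();
            }
            return null;
        };
        jwtBearerProvider.setJwtAssertionResolver(assertionResolver);

        OAuth2AuthorizedClientProvider provider = OAuth2AuthorizedClientProviderBuilder.builder()
                .provider(jwtBearerProvider)
                .build();

        DefaultOAuth2AuthorizedClientManager manager =
                new DefaultOAuth2AuthorizedClientManager(registrations, authorizedClientRepository);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }

    // Exchanges the caller's JWT for a downstream access token; null when not authorized.
    // Intended to be called inside a servlet request (e.g. from a controller), because
    // DefaultOAuth2AuthorizedClientManager resolves the current HttpServletRequest.
    public static String exchangedTokenValue(OAuth2AuthorizedClientManager manager,
                                             JwtAuthenticationToken caller) {
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest.withClientRegistrationId("jwt-bearer")
                .principal(caller)
                .build();
        OAuth2AuthorizedClient client = manager.authorize(request);
        return (client != null) ? client.getAccessToken().getTokenValue() : null;
    }
}
```

The tests above reach the provider with a TestingAuthenticationToken whose principal is the Jwt itself, which matches the provider's default resolver; the custom resolver here narrows that to JwtAuthenticationToken so an arbitrary principal cannot be turned into a token request. Outside a web request, use AuthorizedClientServiceOAuth2AuthorizedClientManager instead of DefaultOAuth2AuthorizedClientManager.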

Example 20 with ClientAuthenticationMethod

use of org.springframework.security.oauth2.core.ClientAuthenticationMethod in project spring-security by spring-projects.

the class OAuth2UserRequestTests method setUp.

@BeforeEach
public void setUp() {
    // @formatter:off
    this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
            .clientId("client-1")
            .clientSecret("secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("https://client.com")
            .scope(new LinkedHashSet<>(Arrays.asList("scope1", "scope2")))
            .authorizationUri("https://provider.com/oauth2/authorization")
            .tokenUri("https://provider.com/oauth2/token")
            .clientName("Client 1")
            .build();
    // @formatter:on
    this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token-1234",
            Instant.now(), Instant.now().plusSeconds(60), new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
    this.additionalParameters = new HashMap<>();
    this.additionalParameters.put("param1", "value1");
    this.additionalParameters.put("param2", "value2");
}
Also used : LinkedHashSet(java.util.LinkedHashSet) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) BeforeEach(org.junit.jupiter.api.BeforeEach)
